Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Problems to drill down Windows path
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi people I'm having some issues in a chart drill down that has Windows paths (like: C:\Users\Administrator). When I click in the windows paths to drill down it passes to the next dashboard the variable of the windows path (C:\Users\Administrator) and the search of the next dashboard cannot find any data since splunk search must double back slash to search properly.
If I do a search like: "sourcetype=src1 path="C:\Users\Administrator"" I cannot find any results, but If I search using this: "sourcetype=src1 path:"C:\\Users\\Administrator"" I can find the results. Is there any automatic way to transforms this single back slash into two back slashes (\\) maybe using eval.
Here are some data that may help you understand better:
Log:
date=10:16:08.000 AM 2/7/2014 10:16:08 path="C:\Users\Administrator" file=file.exe risk=High
date=10:12:33.000 AM 2/7/2014 05:39:28 path="C:\Users\Administrator" file=blocker.exe risk=High
Can someone help me?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found how:
instead of doing all in the same search string, I must pipe it to where and trim the directory
| where path=rtrim("$dir$ ")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to achieve this if I want to navigate to a folder path
Consider the result of splunk query
Name| path
Path1 | \abc\p1
Path2 | \abc\p2
I want to click and navigate to the paths .
For weburls i can achieve using $click.value2|n$
But in the case of folders and shared paths how to achieve this???
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found how:
instead of doing all in the same search string, I must pipe it to where and trim the directory
| where path=rtrim("$dir$ ")
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
